Topics

Featured in Development

Peter Alvaro talks about the reasons one should engage in language design and why many of us would (or should) do something so perverse as to design a language that no one will ever use. He shares some of the extreme and sometimes obnoxious opinions that guided his design process.

Featured in AI, ML & Data Engineering

Today on The InfoQ Podcast, Wes talks with Katharine Jarmul about privacy and fairness in machine learning algorithms. Jarul discusses what’s meant by Ethical Machine Learning and some things to consider when working towards achieving fairness. Jarmul is the co-founder at KIProtect a machine learning security and privacy firm based in Germany and is one of the three keynote speakers at QCon.ai.

Amazon Introduces API Gateway Usage Plans

Amazon recently updated their API Gateway service to include Usage Plans. Usage Plans allow Amazon API Gateway customers to regulate and monetize their APIs through different levels of access and different categories of users. A common pattern for companies that expose their APIs, include monetizing them through a 3rd party developer ecosystem. Usage Plans allow an organization to manage 3rd party developer consumption patterns and billing at an API key level.

Amazon initially launched their API Gateway service in July 2015 as a way for organizations to protect and manage APIs running on AWS Lambda, EC2 or APIs hosted on public endpoints. The service has now been updated to include more granular control for managing APIs through Usage Plans. More specifically, Usage Plans can be assigned to different levels of access, such as Bronze, Silver and Gold. They can also be assigned to different categories of users, including Student, Individual, Professional or Enterprise. Using Usage Plans, API Gateway customers can now control the following characteristics of an API including:

Creating a Usage Plan can be accomplished through the API Gateway Console. Within the Usage Plan, administrators can enable a throttling process that caps API requests per second and burst requests. The Usage Plan also allows for a quota, or cap, on the total number of requests within a predefined timeframe.

Throttling is implemented using a Token Bucket model. The bucket is large enough to hold the number of tokens denoted by the Burst value, and gains new tokens at the specified Rate. Each API request removes one token from the bucket. Using a Token Bucket allows you to have APIs that support a steady stream of requests with the capability to accommodate the occasional burst.

From a business and technical perspective, throttling ensures that a consumer on a lower tier plan does not introduce performance issues that would disrupt API consumers on a higher tier plan from making API calls.

Usage Plans may be implemented in different API Gateway Stages. Amazon has created Stages so computing environments can be managed independently of each other, such as Test or Production environments. In the event an organization is hosting their APIs on a less powerful Test environment, they may want to enforce different policies for API consumers in that Stage, or environment.

Since Amazon is now metering usage at an API key level, they can also provide consumption data through the Export Usage Data feature. An administrator has the ability to provide a date range and the format of the consumption data including JSON or CSV. This information can then be provided to API consumers in order to justify costs.

Metering consumption, throttling and quotas are not unique to Amazon API Gateway. These are mainstream API Management features that can be found in competing offerings, including Microsoft’s Azure API Management service. Microsoft accomplishes throttling and quotas through the use of policies which can be applied at different scope levels including Product, API or Operation. Consumption tracking occurs at the Developer, Product, Subscription, API and Operation levels.